Multiple Public IP over Same Interface with Same Gateway

Hi There,

Today my ISP provider gave me a /29 IP range.

So I have the following scenario:

ether1 : Public-IP-1, Public-IP-2 , etc..

I want to select the external IP that my different internal networks will use (vlan10, vlan20, etc.)

I tried to set different routes with the same IP (gateway), but changing the distance and “Pref. Source”, and I set my Public-IP-2 in Pref. Source.
(Of course, I created different routing marks and set them in the mangle tab for my different networks.)

But I always get the same result. Nothing changes, same IP.

What is wrong?

Thank you.

You won’t need routes for this - all IPs of your /29 subnet will talk to the same gateway on your ISP’s side.

Just create dedicated NAT rules:

/ip firewall nat
add chain=srcnat action=src-nat src-address=your.vlan.10.range/24 dst-address=0.0.0.0/0 to-addresses=your.public.ip-forVlan10
add chain=srcnat action=src-nat src-address=your.vlan.20.range/24 dst-address=0.0.0.0/0 to-addresses=your.public.ip-forVlan20
..and so on.

-Chris

cdierdrich
There are 10 types of people: Those who live in Bremen and those who live in Basil. :stuck_out_tongue_winking_eye:
Make up your mind! (I visited Basel once and really liked the town - well, except for some seedy places in Zurich, the country is gorgeous!!)

I thought this was an easy case of one-to-one mapping.

Take the first IP and assign it to the router (client etc…),
then use netmap:
assign IPs 2-5, or however many, to private IPs 192.168.XX.2-5 or something along those lines…
The only decision left to make is whether or not to apply firewall rules to these one to one mappings.

Have I got the concept all wrong??

OP mentioned different internal networks (VLANs) that should share individual public IPs … netmap doesn’t allow that, does it?

You are right, yes too tricky for me to wrap my one noodle around… keels over!

Hi to everyone,

I tried

/ip firewall nat add chain=srcnat action=src-nat src-address=10.10.30.0/24 dst-address=0.0.0.0/0 to-addresses=public-ip-address

(10.10.30.0/24 ) - vlan30 addresses

But it doesn’t work.

Any suggestions?
Thank you.

Try this

/ip firewall nat
add chain=srcnat action=src-nat src-address=your.vlan.10.range/24 dst-address=0.0.0.0/0 to-addresses=your.public.ip-forVlan10 out-interface=ether1

This rule should be before your current src-nat / masq rule.

It works, thank you.

You have to set it before masquerade rule. :slight_smile:
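
Added example, not part of any post in this thread: a small Python check that parses `/ip firewall nat` export lines, evaluates srcnat rules first-match-wins, and flags a per-VLAN `src-nat` rule that an earlier masquerade rule shadows. The 203.0.113.0/29 addresses, the sample exports and the `masq_ip` argument are constructed assumptions; only `src-address` and `out-interface` matchers are modelled.

```python
import ipaddress
import shlex

# Constructed exports: 203.0.113.0/29 stands in for the ISP's /29.
MASQ_FIRST = """/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1
add chain=srcnat action=src-nat src-address=10.10.30.0/24 out-interface=ether1 to-addresses=203.0.113.3
"""
SPECIFIC_FIRST = """/ip firewall nat
add chain=srcnat action=src-nat src-address=10.10.30.0/24 out-interface=ether1 to-addresses=203.0.113.3
add chain=srcnat action=masquerade out-interface=ether1
"""

def parse_nat_rules(export_text):
    """Return the srcnat rules of an export as dicts, in rule order."""
    rules = []
    for line in export_text.splitlines():
        if line.strip().startswith("add "):
            tokens = shlex.split(line)[1:]
            rule = dict(t.split("=", 1) for t in tokens if "=" in t)
            if rule.get("chain") == "srcnat":
                rules.append(rule)
    return rules

def src_net(rule):
    # A rule without src-address matches every source.
    return ipaddress.ip_network(rule.get("src-address", "0.0.0.0/0"))

def translated_source(rules, src_ip, out_if, masq_ip):
    """Source address after srcnat: the first matching rule decides."""
    for rule in rules:
        if ipaddress.ip_address(src_ip) not in src_net(rule):
            continue
        if rule.get("out-interface", out_if) != out_if:
            continue
        # masq_ip is the address masquerade would pick (passed in, assumed).
        return masq_ip if rule["action"] == "masquerade" else rule.get("to-addresses", src_ip)
    return src_ip  # nothing matched, no translation

def shadowed_rules(rules):
    """Indexes of rules fully covered by an earlier rule, so never reached."""
    hits = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            covers_if = earlier.get("out-interface") in (None, later.get("out-interface"))
            if covers_if and src_net(later).subnet_of(src_net(earlier)):
                hits.append(i)
                break
    return hits
```

Running `shadowed_rules(parse_nat_rules(...))` on a saved NAT export gives the positions of rules that need to move above the catch-all.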